Nikon has advised D750 DSLR users to manually activate the security setting on Nikon’s Wi-Fi software app for mobile devices, to avoid the risk of unauthorised access to the camera’s images by a third party.

Click here to read ‘AP responds to Nikon D750 Wi-Fi furore’

Nikon’s Wireless Mobile Utility app, for Android and Apple iOS operating systems, allows photographers to wirelessly connect their mobile device to a Nikon camera.

However, Amateur Photographer (AP)’s technical team has discovered a potential security flaw during their review of a full-production sample of the D750, which went on sale in the UK two days ago.

If users connect directly to the camera’s broadcast SSID, but do not manually activate the Wi-Fi security settings via the app on the mobile device, then they could expose the D750’s images to unauthorised access.

The Wireless Mobile Utility app is designed for use with Nikon’s Coolpix compacts, as well as its DSLRs.

AP's Andy Westlake gets his hands on the Nikon D750

AP’s Andy Westlake gets his hands on the Nikon D750

AP technical editor Andy Westlake (pictured above), who got his hands on the D750 last night, said: ‘I couldn’t believe it. The Nikon D750 uses an unsecured Wi-Fi network by default when connecting directly to its SSID, and doesn’t at any point require the camera owner to validate the identity of a smart device that’s trying to connect to it.

‘If you have D750’s Wi-Fi turned on, but your own phone isn’t connected to it, then anyone with a smart device and the Nikon Wireless Mobile Utility can connect to the camera and download images from the memory card without the owner’s permission.

‘We tested and confirmed this in the AP office; another smartphone user simply has to connect to the camera’s Wi-Fi network and start up the Nikon app to be able to browse and download images. The camera gives no clear indication that anything might be amiss.

‘What’s worse is that it’s possible for the owner to mark images for transfer to a smart device on the camera in playback mode.

‘These images are pushed automatically to the first device that connects to the camera afterwards, regardless of who owns it. So another user can potentially intercept your favourite or most valuable images.’

In response, the company says it is looking into the Nikon D750 Wi-Fi security issue.

A Nikon UK spokesperson told AP: ‘We appreciate the feedback. As a business, we take security seriously.

‘Our advice would always be that people should activate the security settings available to them.’

Whether the app should activate the security setting, by default, appears to be a subject of debate within Nikon.

Nikon claims that security advice is contained in the instruction manuals of both the app and the camera. Users of certain Android devices can directly set up a secured connection using the Wi-Fi Protected Access (WPS) protocol, but this isn’t currently supported by Apple’s iOS devices.

However, photographers who don’t read these manuals could be at risk.

The discovery comes amid worldwide security concerns following the unauthorised publication of people’s private images on the internet.

Andy added: ‘The saving grace for Nikon is that only one device can communicate with the camera at any given time, so if your own phone is connected your images are probably safe.’

The D750 is a 24.3-million-pixel, full-frame, enthusiast-level DSLR.

The camera is also compatible with Nikon’s WR-R10 Wireless Transceiver and WR-T10 Wireless Transmitter, as well as Eye-Fi cards.

Nikon says the Wi-Fi app is updated each time a new camera is released.

The D750 went on sale in the UK on 23 September.

Click here to read ‘AP responds to Nikon D750 Wi-Fi furore’ 

CLICK HERE TO READ OUR STEP-BY-STEP GUIDE TO SECURING THE NIKON D750 WI-FI

[Photo credit: C Cheesman]

This article was updated on 29 September by AP technical editor Andy Westlake, to make clear that users of Android devices which support Wi-Fi Protected Setup (WPS) can directly establish a secure connection to the D750 using this method. However this option isn’t available to iOS users.

  • Grinch Jones

    Unbelievable venom being shown here towards AP and mostly unwarranted.
    In this day and age of scamming and trolling, WiFi security should be enabled by default, perhaps the code being the camera serial number to make it easy never to lose it. Users are not wholly knowledgeable, and frankly few read the entire manual until they have had a camera some weeks (many will never read it all, and no, they don’t deserve what they get if they don’t read it all – Do you buy a car with locks that need to be enabled? No – the function is assumed to be needed.)
    So, whether the article was OTT or not, it was definitely valid to raise it.

  • Ryan Fletcher

    Wow, the Nikon Fan Boys are out in force on this one.

  • EnglishPaul

    No it’s not a European standard, it is just AP trying to justify their asinine “reporting”. Every router I’ve set up has come similarly openly configured. Even laptops don’t come with security enabled by default. Still let’s not let the facts get in the way of tarnishing a Nikon product and getting some cheap clicks eh AP. sarc

  • dgr

    I just realized you need to charge the battery before the D750 works so you have to spend MORE money using your own electricity before you can even take a picture! This better be in the manual and clearly stated on the box!

  • dgr

    “Nikon is pretty much unique in setting up an unsecured network by default.” Maybe this is some kind of European standard. Most wireless devices here in the US, at least the ones I’ve worked with, you need to setup security if you want it. I can definitely setup my home wireless router without security and all the different types I have worked with have been the same.

    Only one device I have ever owned came with wireless security turned on and that was a Sony action cam. That camera stored the wifi password in clear text on the camera. That is a “security risk”.

    End user error should not be the responsibility of the vendor. That’s the nice way of saying “don’t blame Nikon if you’re an idiot”.

  • EnglishPaul

    I see they’ve added the tiny amendment “by default”. So the wireless set up is not insecure at all just an open network if you leave it at its default settings (pretty much like all wireless devices then), walk around with wifi active all the time and your own smart phone not on/connected. I don’t know about amateur photographers, they’ve certainly shown themselves to be amateur journalists.

  • Davidvictormeldrew Idontbeliev

    Please RETRACT / or AMEND this article in bold letters with your update as this article – as this matter has spread throughout wild fire WWW and is potentially causing damage to Nikon. I wouldn’t be surprise if you don’t get a hammering from Nikon and it’s lawyers.

  • This is an incredibly lame response to your mistake. It would be better of you just to admit that you overstated the issue. MANY wireless devices come with either a default password (which can easily be looked up via a google search) or come with no default authentication set up.

    In fact, the D750 comes with WPA2-PSK authentication, and the moment you enter the wifi menu, you can see that there is an option to turn this on.

    Are you spreading FUD just for clicks? shame.

  • Cameron K. Fong

    This is silly, it is not uncommon to ship a device with unsecured wifi, at best it is a generic default password (like “password”) if your technical editor can’t work out that there are Wifi setting then maybe you should look at his credentials closely and consider replacing him. Stop scare-mongering, and being sensationalist. Try reading the manual.

  • 5DollarFootlong

    In other news my car door doesn’t automatically lock itself when I close it. This means every person can just walk in and sit in my car.

    BMW should be ashamed of itself…

  • Sebastien

    Turn on the security, idiots!

    Hey… Most routers are working the same way as new, like cell phones, etc.

    I guess Nikon should indicates on the box: not intended for retards.

  • EnglishPaul

    Is this the level to which AP has sunk? Are you really so desperate to be the first to find fault or just to drive traffic to your website? I’m sure most buyers have set up routers etc that are either open or supplied with default passwords. They have set up wireless networks and are more than familiar with need to enter passwords to secure them. I’m sure nikon have chosen to make set up easier by this route and people can secure it if they have a need to or wish. It’s a camera not an access to your bank account. You’re being ridiculed in the forums right now.

  • Rhys08

    The average user of such a camera seems to be aware of the settings and the need for a secure connection. Please stop making a fool out of yourselves by defending such a pointless article…

  • No offense, but this seems like a bit of an over reaction and an unfair criticism to Nikon. Is it that confusing to use an app that consists of 4 buttons, one of which is the settings icon. I would consider the users of a D750 technically savvy if they are investing and using a camera of this caliber, certainly capable of figuring it out if they care about it.

  • Amateur Photographer

    In response to the various comments here:
    1) We use a huge range of Wi-Fi equipped mobile devices: cameras, Wi-Fi cards and card readers, Wi-Fi hard disc drives and so on, all the time. All come with security enabled out of the box; Nikon is pretty much unique in setting up an unsecured network by default.
    2) The D750 manual warns you that you should turn on security for Wi-Fi, on page xxvi. But nowhere does it tell you how this is done.
    3) The Wireless Mobile Utility app allows you to turn on WPA security, but it never specifically warns you that you should do so.
    4) The manual for WMU describes the menu option for setting a password, but again doesn’t clearly explain what this is for. And while this manual is linked from the Help section of the iOS app, it isn’t available from the Android version.

    What this means, overall, is that the D750 operates out-of-the-box as an unsecured Wi-Fi network, and requires the user to work out how to turn on WPA in the app, to make it properly secure. No other brand does this. Instead they all require you to use NFC, QR codes, or a preset password to connect, or alternatively to confirm the identity of the smart device on the camera itself.

  • Shaul Boilov

    Such a pointless article…

  • EnglishPaul

    Complete nonsense article AP. You should be ashamed of yourselves. I suggest your “technical” department learn how to read a manual. Maybe it’s time Nikon starting suing.

  • dgr

    So they should turn on security before setup? That would be really secure because no one could use it. lol Pointless article.

  • Davidvictormeldrew Idontbeliev

    Please revoke OR Amend this news item and damaging this camera’s reputation, the camera & software comes as un/secure / default like other devices & software and it is up to the user as described in the instruction manual and software to setup the protection.

  • Capo99

    Are you kidding me? Fear mongering in it’s worst form!

  • kotozafy

    Dear sir, did you read your instruction manual ?